Matt McCutchen wrote:
On Mon, 2008-05-19 at 11:26 +0200, Bruno (libvirt) wrote:
What are the plans to implement TLS directly into the mainstream rsync? This would be a huge improvement, when using rsync with a daemon and modules-based setup.

It's already easy to tunnel rsync into ssh, but this requires
1) ssh-user and shell access
2) to specify the full remote path
3) to forget about all the nifty features of rsyncd.conf (uid/gid, ip-filtering, easy logging...)

If you know about any plan for the integration of SSL/TLS... maybe the CVS/SVN version has this already, please be kind and let me know.

There is a patch that is supposed to add SSL support:
        http://rsync.samba.org/ftp/rsync/patches/openssl-support.diff
and some discussion of improving it:
        http://lists.samba.org/archive/rsync/2007-April/017578.html
but my impression is that the patch doesn't work and hasn't been fixed.

You could access the daemon through stunnel.  Another option is to use a
single-use daemon invoked over ssh, with a forced command (rsync
--server --daemon .) that limits the ssh login to invoking the daemon;
see section "USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL CONNECTION"
in the man page.  That gives you modules and logging right away.  If you
need a uid/gid different from the ssh user's, you could run a
traditional daemon that listens only on localhost and have the ssh login
force a connection to that daemon, or you could just use ssh port
forwarding.

Matt

Thank you Matt for your response. I'm going to try that ASAP, but I've read, too, that it's less than reliable.

Bruno
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
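
The forced-command setup Matt describes, sketched as an added example that is not part of the original thread or of rsync itself: it builds the `authorized_keys` entry and the per-user `rsyncd.conf`, and counts keys in an `authorized_keys` file that are not pinned to the daemon. The module name, paths, user, host and public key are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: module "backup",
# /srv/backup, /home/rsyncuser, server.example and the placeholder key.

# Forced command quoted in the thread: the login can only start the daemon.
FORCED='command="rsync --server --daemon ."'
# Standard sshd key options that strip what this key does not need.
LOCKDOWN='no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding'

# Print an authorized_keys entry for a daemon-only key.
# $1 = public key line, e.g. "ssh-ed25519 AAAA... backup-client"
forced_daemon_key() {
    printf '%s,%s %s\n' "$FORCED" "$LOCKDOWN" "$1"
}

# Print an rsyncd.conf for the ssh user's home directory, where a daemon
# started over a remote shell looks for it by default.
# The daemon runs as the ssh user, not root, so chroot is switched off.
# $1 = module name, $2 = module path, $3 = log file
module_conf() {
    cat <<EOF
log file = $3

[$1]
    path = $2
    read only = yes
    use chroot = no
EOF
}

# Count key lines that lack the forced command, i.e. keys that would
# still be given a shell. Comments and blank lines are skipped.
# $1 = authorized_keys file
unrestricted_keys() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" |
        grep -c -v -F -- "$FORCED" || true
}

# Demo output for the constructed values.
forced_daemon_key 'ssh-ed25519 AAAA...placeholder backup-client'
module_conf backup /srv/backup /home/rsyncuser/rsyncd.log

# Client side, using daemon (double-colon) syntax over ssh:
#   rsync -av -e ssh rsyncuser@server.example::backup/ /local/dest/
```

The audit function only checks that the forced command string is present on each key line; it does not validate the other options.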
